public interface AccessResolver
AccessAdapter
interface.
Modifier and Type | Method and Description |
---|---|
void |
flushCache()
flush cache if caching resolver
|
GrouperSession |
getGrouperSession()
get a reference to the session
|
Set<Group> |
getGroupsWhereSubjectDoesntHavePrivilege(String stemId,
Stem.Scope scope,
Subject subject,
Privilege privilege,
boolean considerAllSubject,
String sqlLikeString)
find the groups which do not have a certain privilege
|
Set<Group> |
getGroupsWhereSubjectHasPrivilege(Subject subject,
Privilege privilege)
Get all groups where subject has privilege.
|
Set<AccessPrivilege> |
getPrivileges(Group group,
Subject subject)
Get all privileges subject has on group.
|
Set<Stem> |
getStemsWhereGroupThatSubjectHasPrivilege(Subject subject,
Privilege privilege)
Get all stems which have groups where subject has privilege.
|
Set<Subject> |
getSubjectsWithPrivilege(Group group,
Privilege privilege)
Get all subjects with privilege on group.
|
void |
grantPrivilege(Group group,
Subject subject,
Privilege privilege,
String uuid)
Grant privilege to subject on group.
|
boolean |
hasPrivilege(Group group,
Subject subject,
Privilege privilege)
Check whether subject has privilege on group.
|
boolean |
hqlFilterGroupsNotWithPrivWhereClause(Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String groupColumn,
Privilege privilege,
boolean considerAllSubject)
for a group query, check to make sure the subject cant see the records
|
boolean |
hqlFilterGroupsWhereClause(Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String groupColumn,
Set<Privilege> privInSet)
for a group query, check to make sure the subject can see the records (if filtering HQL, you can do
the postHqlFilterGroups instead if you like)
|
Set<Group> |
postHqlFilterGroups(Set<Group> groups,
Subject subject,
Set<Privilege> privInSet)
after HQL is run, filter groups.
|
Set<Membership> |
postHqlFilterMemberships(Subject subject,
Set<Membership> memberships)
filter memberships for things the subject can see
|
Set<Stem> |
postHqlFilterStemsWithGroups(Set<Stem> stems,
Subject subject,
Set<Privilege> inPrivSet)
after HQL is run, filter stems that have groups with privs.
|
void |
privilegeCopy(Group g1,
Group g2,
Privilege priv)
Copies privileges for subjects that have the specified privilege on g1 to g2.
|
void |
privilegeCopy(Subject subj1,
Subject subj2,
Privilege priv)
Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.
|
Set<PrivilegeSubjectContainer> |
retrievePrivileges(Group group,
Set<Privilege> privileges,
MembershipType membershipType,
QueryPaging queryPaging,
Set<Member> additionalMembers)
get a list of privilege subjects, there are no results with the same subject
|
void |
revokeAllPrivilegesForSubject(Subject subject)
Revoke all access privileges that this subject has.
|
void |
revokePrivilege(Group group,
Privilege privilege)
Revoke privilege from all subjects on group.
|
void |
revokePrivilege(Group group,
Subject subject,
Privilege privilege)
Revoke privilege from subject on group.
|
void |
stop()
clean up resources, session is stopped
|
void stop()
GrouperSession getGrouperSession()
void flushCache()
Set<Group> getGroupsWhereSubjectHasPrivilege(Subject subject, Privilege privilege) throws IllegalArgumentException
subject
- privilege
- IllegalArgumentException
- if any parameter is null.AccessAdapter.getGroupsWhereSubjectHasPriv(edu.internet2.middleware.grouper.GrouperSession, Subject, Privilege)
Set<Group> getGroupsWhereSubjectDoesntHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString)
stemId
- scope
- subject
- privilege
- considerAllSubject
- sqlLikeString
- Set<Stem> getStemsWhereGroupThatSubjectHasPrivilege(Subject subject, Privilege privilege) throws IllegalArgumentException
subject
- privilege
- IllegalArgumentException
- if any parameter is null.AccessAdapter.getGroupsWhereSubjectHasPriv(edu.internet2.middleware.grouper.GrouperSession, Subject, Privilege)
Set<AccessPrivilege> getPrivileges(Group group, Subject subject) throws IllegalArgumentException
group
- subject
- IllegalArgumentException
- if any parameter is null.AccessAdapter.getPrivs(GrouperSession, Group, Subject)
Set<Subject> getSubjectsWithPrivilege(Group group, Privilege privilege) throws IllegalArgumentException
group
- privilege
- IllegalArgumentException
- if any parameter is null.AccessAdapter.getSubjectsWithPriv(GrouperSession, Group, Privilege)
void grantPrivilege(Group group, Subject subject, Privilege privilege, String uuid) throws IllegalArgumentException, UnableToPerformException
group
- subject
- privilege
- uuid
- send uuid if known, else nullIllegalArgumentException
- if any parameter is null.UnableToPerformException
- if the privilege could not be granted.AccessAdapter#grantPriv(GrouperSession, Group, Subject, Privilege)
boolean hasPrivilege(Group group, Subject subject, Privilege privilege) throws IllegalArgumentException
group
- subject
- privilege
- IllegalArgumentException
- if any parameter is null.AccessAdapter.hasPriv(GrouperSession, Group, Subject, Privilege)
void revokePrivilege(Group group, Privilege privilege) throws IllegalArgumentException, UnableToPerformException
group
- privilege
- IllegalArgumentException
- if any parameter is null.UnableToPerformException
- if the privilege could not be revoked.AccessAdapter.revokePriv(GrouperSession, Group, Privilege)
void revokePrivilege(Group group, Subject subject, Privilege privilege) throws IllegalArgumentException, UnableToPerformException
group
- subject
- privilege
- IllegalArgumentException
- if any parameter is null.UnableToPerformException
- if the privilege could not be revoked.AccessAdapter.revokePriv(GrouperSession, Group, Subject, Privilege)
void privilegeCopy(Group g1, Group g2, Privilege priv) throws IllegalArgumentException, UnableToPerformException
g1
- g2
- priv
- IllegalArgumentException
UnableToPerformException
void privilegeCopy(Subject subj1, Subject subj2, Privilege priv) throws IllegalArgumentException, UnableToPerformException
subj1
- subj2
- priv
- IllegalArgumentException
UnableToPerformException
Set<Group> postHqlFilterGroups(Set<Group> groups, Subject subject, Set<Privilege> privInSet)
groups
- subject
- which needs view access to the groupsprivInSet
- find a privilege which is in this set
(e.g. for view, send all access privs). There are pre-canned sets in AccessAdapterSet<Stem> postHqlFilterStemsWithGroups(Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet)
stems
- subject
- inPrivSet
- boolean hqlFilterGroupsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet)
subject
- which needs view access to the groupshqlQuery
- hql
- the select and current from partgroupColumn
- is the name of the group column to join toprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs)boolean hqlFilterGroupsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject)
subject
- which needs view access to the groupshqlQuery
- hql
- the select and current from partgroupColumn
- is the name of the group column to join toprivilege
- find a privilege which is in this set (e.g. for view, send all access privs)considerAllSubject
- if true, then consider GrouperAll when seeign if subject has priv, else do notSet<Membership> postHqlFilterMemberships(Subject subject, Set<Membership> memberships)
memberships
- subject
- void revokeAllPrivilegesForSubject(Subject subject)
subject
- Set<PrivilegeSubjectContainer> retrievePrivileges(Group group, Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, Set<Member> additionalMembers)
group
- to search onprivileges
- if blank, get allmembershipType
- if immediate, effective, or blank for allqueryPaging
- if a certain page should be returned, based on subjectadditionalMembers
- additional members to query that the user is finding or addingCopyright © 2016 Internet2. All rights reserved.